ayer se publicaron dos advisories sobre un par de bugs que encontramos con Francisco Falcón en cámaras IP D-Link y Vivotek.
Las vulnerabilidades son las siguientes:
D-Link:
- CVE-2013-1599: execute arbitrary commands from the administration web interface
- CVE-2013-1600: access the video stream via HTTP
- CVE-2013-1601: access the ASCII video stream via image luminance
Vivotek:
- CVE-2013-1597: dump the camera's memory and retrieve user credentials
- CVE-2013-1598: execute arbitrary commands from the administration web interface (pre-authentication with firmware 0300a and post-authentication with firmware 0400a)
No hay comentarios:
Publicar un comentario